[PATCH] IPSec fixes

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Wed Jan 21 12:38:51 PST 2004

On Sat, 17 Jan 2004, Bjoern A. Zeeb wrote:


> why do we mark all the other SPs not in sptree[] dead ? I think this
> is not correct. We shouldn't walk sptailq but sptree in
> key_spdflush(). So at this point forget the above and have a look
> at the following patch (you may ingnore the inlining)
> (can also be found at
> http://sources.zabbadoz.net/freebsd/patchset/118-ipsec-flush-fix.diff
> )

sorry for replying to myself. I have gone through KAME CVS and checked
where this walk through sptailq has been committed:


	cleanup, avoid double-loop

I think it just happened somewhat erroneously with the cleanup with
the good thought of simplifying and improving code.

sptree[] does not hold all the entries as sptailq does as stated in
my other mail. For me sptree[] holds 18 entries out of 54 in
sptailq. Fully walking both will thus not give the same result.

Reverting first half of this change will do the same as my patch does
(in key_spdflush()) modulo persist checking.

Perhaps this information might help to get this thing sorted out
and closed soon.



Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
56 69 73 69 74				http://www.zabbadoz.net/

More information about the freebsd-current mailing list